Posted by: melloa

Posted by: Edd Noman

Looks good so far, but we should add a note that the Zabbix client or SNMP needs to be installed / configured on the server and devices before the discovery rules are enabled, otherwise they will only be detected by the Ping rule, and the monitoring will be "does it respond to ping every x seconds" (I added the Ping rule as a catch-all for other devices so that you know which devices need some extra attention).

Also, I would recommend disabling the Admin user and creating your own user for login even though you have changed the password: when you trace the logs, it says Admin did the change, not Mello or Noman. Since this is enterprise-level software, it should have a note about that.

We should also add in setting up the email and SMS alerting before creating the discovery rules; what is the point of having a monitoring system without getting alerted when it is triggered?

These are just some of the thoughts I have from lying sick in bed with my laptop.

Posted by: melloa

These are good instructions, but you are missing a whole lot of Zabbix configurations in between setting a new system password and accessing the webgui. I have a lot of this written up in a document here as generic notes, but most of that information is also found in the documentation: https://www.zabbix.com/documentation/3.2/manual/appliance

I'll add the missing parts, but basically what I saw missing are: ssh setup, some passwords, vmware tool, and time zone.

Posted by: Edd Noman

These are good instructions, but you are missing a whole lot of Zabbix configurations in between setting a new system password and accessing the webgui. I have a lot of this written up in a document here as generic notes, but most of that information is also found in the documentation: https://www.zabbix.com/documentation/3.2/manual/appliance

This is what I have so far for the Zabbix installation. There are a few pieces missing, and nmap and sudo access, but that is easily added at a later stage.

Zabbix Installation

Download ISO file from: https://sourceforge.net/projects/zabbix/
Latest version at the time of writing is: 3.2.6
Latest version is based on a customized Ubuntu 14.04 release
Install server with mysql option (would love a nginx and mariadb version), follow the onscreen instructions

System default credentials are:

Core Server System:
User: appliance \ Password: zabbix

Database:
User: root \ Password: <random>
User: zabbix \ Password: <random>

Database passwords are randomly generated during the installation process.
Root password is stored to /root/.my.cnf file, it is not required to input a password under the “root” account.

To change the database user password it has to be changed in the following locations:
MySQL;
/etc/zabbix/zabbix_server.conf;
/etc/zabbix/web/zabbix.conf.php.

Zabbix frontend WebGUI
User: Admin \ Password: zabbix

Login to system shell and get root access and change the root password:
User: appliance \ Password: zabbix
sudo -i    this changes your user appliance into the root user
passwd    this lets you change the password of the current user

Now you have gotten your root password set to something known. I recommend setting a strong password, as the root user has full access to your server and it should not be trivial to get a hold of.

I like to work from an SSH connection, so edit /etc/ssh_config and /etc/sshd_config to allow root to access the system from an SSH tunnel, at least until you are done making changes to the core system.

In /etc/ssh_config I have the default settings except:
# PasswordAuthentication yes is changed to PasswordAuthentication yes
added the line: PermitRootLogin yes
Save and exit

In /etc/sshd_config I have the default settings except:
# Authentication:
LoginGraceTime 360
PermitRootLogin yes
StrictModes yes
Save and exit

Now restart SSH server with command: service ssh restart

When this is done, open your favorite terminal or console and connect to your server. I like to use Putty - http://www.putty.org/

Now if you are like me and are running Zabbix Server as a VM, the next thing you would like to do is install the VM drivers and toolkits so that you get better performance out of your monitoring VM.

For VMs running on a VMware platform the commands are as follows:
apt-get update or sudo apt-get update if you are not at root level
apt-get install open-vm-tools or sudo apt-get install open-vm-tools if you are not at root level
reboot or sudo reboot if you are not at root level

For VMs running on a VirtualBox platform the commands are as follows:
apt-get update or sudo apt-get update if you are not at root level
apt-get install build-essential module-assistant or sudo apt-get install build-essential module-assistant if you are not at root level
m-a prepare or sudo m-a prepare if you are not at root level

Now click "Devices > Insert guest additions CD image" in the VirtualBox window. This will insert the guest additions CD image into the guest OS.
The CD image should be located on the path /media/root/VBOXADDITIONS_X.X or /media/appliance/VBOXADDITIONS_X.X depending on what user level you are at.
Navigate to the directory and run the script named VBoxLinuxAdditions.run:
cd /media/root/VBOXADDITIONS_X.X or cd /media/appliance/VBOXADDITIONS_X.X
./VBoxLinuxAdditions.run or sudo ./VBoxLinuxAdditions.run if you are not at root level
When it is done you should see the following line:
Building the VirtualBox Guest Additions kernel modules ...done.
reboot or sudo reboot if you are not at root level

After the server has rebooted we want to change some of the system settings to match our environment and location; this includes timesync, zoneinfo, dns.

Check that you have the correct nameservers and DNS server specified for your server so that Zabbix is able to resolve IPs into hostnames. This is done by editing /etc/resolv.conf

nameserver 10.99.99.1
nameserver 192.168.55.254
search vmlab.lan
search qnett.lan

This tells the Zabbix server that my DNS server is at IP 10.99.99.1 and that my domain is vmlab.lan. If you have a router with DHCP, your server should have gotten this information automatically; if you would like to add a custom server, you just enter each value on its own line.

Now to change the zoneinfo and localization of the server: this is done by editing the /etc/localtime file, which is done by copying the right zone file over.
The zone files are located under: /usr/share/zoneinfo/
/usr/share/zoneinfo/Africa
/usr/share/zoneinfo/America
/usr/share/zoneinfo/Asia
/usr/share/zoneinfo/Europe

In my case I would have to set it to /usr/share/zoneinfo/Europe/Oslo as I am in Norway:
cp /usr/share/zoneinfo/Europe/Oslo /etc/localtime
You would need to select the city closest to your location.

Now we need to change the default Zabbix timezone as it is hardcoded to be Europe/Riga; this is done by editing the file /etc/apache2/conf-available/zabbix.conf

As per default it will try to synchronize its clock with the Ubuntu servers, but we would like to synchronize it with our local time servers so all the systems in our data-center keep the same time. As this is very important for monitoring, logs and reporting purposes, we need to install NTP services, as this is not installed with the Zabbix installer ISO:
sudo apt-get update
sudo apt-get install ntp

If you have followed some of my other guides you might recall that I configured my pfSense firewall to act as a local time server for my local network, and I want the Zabbix server to get its time synced from that pfSense firewall like any other device. To do this we need to edit the file /etc/ntp.conf:
# Specify one or more NTP servers.
server 10.99.99.1 prefer iburst
server pfsense.vmlab.lan prefer iburst
server 0.no.pool.ntp.org
server 1.no.pool.ntp.org
server 2.no.pool.ntp.org
server 3.no.pool.ntp.org

As you can see I have set it to prefer my local pfSense firewall with both IP and DNS, and then added the Norwegian servers of the ntp.org project. This is in case my NTP server running at the firewall could have issues one day; it would then fall back to using close external timeservers so it does not lose its time configuration.

Now restart NTP with command: sudo service ntp restart
Test that NTP is working correctly: watch ntpq -cpe -cas
More information about NTP on Ubuntu servers is here: https://blogging.dragon.org.uk/setting-up-ntp-on-ubuntu-14-04/

When the server is rebooted, navigate to its webgui and login with Admin:zabbix

We want to configure 3 things on the server, which are Host Group, Discovery rules and Action rules:

Host Group: This is just a sorting group and serves no other purpose than labeling and sorting different types of devices and servers so you can apply different monitoring rules and parameters to different Host Groups.
Discovery Rules: These are the rules that you create that define how and where the Zabbix Server should look for network devices and servers; in short, here is where you define the rules for SNMP, PING or Zabbix Client.
Action Rules: These are the rules that say what should happen with newly discovered devices and servers: should they be added to a Host Group, and should they be assigned a monitoring pattern based on what type of device was detected, whether it is a router or switch using SNMP or a Windows Domain Controller responding to PING or with Zabbix Client installed.

This is the very basic configuration needed to get the monitoring going on Zabbix.

Navigate to Configuration -> Host Groups -> Create new Host Group
I create the following 3 Host Groups:
myNetwork.Zabbix
myNetwork.SNMP
myNetwork.PING

Navigate to Configuration -> Discovery -> Create Discovery rule
I create the following 3 Discovery rules:
Discovery.Zabbix
Discovery.SNMP
Discovery.PING

Discovery.Zabbix
Name: Discovery.Zabbix
Discovery by proxy: No Proxy
IP range: 10.99.99.0-254
Delay (in sec): 3600
Checks: Zabbix agent – default values, key= system.uname
Device uniqueness criteria: IP address
Enabled: NO (unchecked)

When these rules are enabled let it run for a couple of hours as scanning the network for all your devices will take some time depending on your network layout, how many devices that are on it and the hardware of your Zabbix Server
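
The post above enables root and password logins over SSH "at least until you are done making changes to the core system". The script below is an added example, not part of the original post, that reports whether an sshd_config still carries those setup-time values. The function names and the sample file are constructed for illustration, and the path to audit is passed as an argument.

```shell
#!/bin/sh
# Added example: report the sshd_config settings the post changes for setup.
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.

# effective_value FILE KEYWORD -> global value sshd would use, or "unset"
effective_value() {
    awk -F'[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        /^#/ || NF == 0 { next }                # skip comments and blank lines
        tolower($1) == "match" { exit }         # Match blocks are conditional
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings, returns 1 if any were found
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    status=0
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$root" = "yes" ]; then
        echo "FINDING: root may log in over SSH; revert once setup is done"
        status=1
    fi
    # PasswordAuthentication defaults to yes when it is not set
    if [ "$pass" != "no" ]; then
        echo "FINDING: password logins accepted; prefer key-based logins"
        status=1
    fi
    return $status
}

# Constructed sample mirroring the post's edits (not a real host's file)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Authentication:
LoginGraceTime 360
PermitRootLogin yes
StrictModes yes
PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "sshd_config still has setup-time settings"
```

Run it against the server's own sshd_config after the installation work is finished; a non-zero return from `audit_sshd_config` means the temporary access is still open.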

Posted by: melloa

P.S. For obvious reasons, suggestions and changes should be submitted as posts on this thread. P.S. 2. Going forward I'll post in pdf format, so people will be less concerned ... but wait ... I also can send virus inside a pdf